LLTP Locker Ransomware - IOC - File Details


1) Ransomware Name - LLTP Locker

2) Encrypted Extensions -
.ENCRYPTED_BY_LLTP
.ENCRYPTED_BY_LLTPp

3) Ransom Note File - LEAME.txt

4) Encryption Algorithm - AES-256 + RSA

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
xxxx://i.imgur.com/VdREVyH.jpg - screen-lock image set as the desktop wallpaper;
xxxx://moniestealer.co.nf/nran/gen.php - C&C server;
Email: LLTP@mail2tor.com


8) File Details -
MD5 4eaac55ddd279d402d0aba8707b9ca5b
SHA1 353420879d240926ee3be94486358e1495381b53
SHA256 46f8dc86d571a6bda00faade21b719ec82c5a1dda3b0fc54bb053a5004557e2d
ssdeep 12288:AdgtTWupXNT35AcFqTC9mUoE+Yfz3OlZUW+7xsvceR0KtjYxQFmLv:thZpXJ3SGqTC9l5Br3qZlCxarjpFmLv
authentihash  d49fb088b5e847cedc9b33b880862ab7760be05620363104035a795327ff6a26
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The size of the file is 939.0 KB (961536 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

MD5 ed3dad6c60222d6a90716ea77769511d
SHA1 25e6d131dfcf5cca9f5330a7a65faf3a64220ddc
SHA256 a3b2ad5dc747c533871c691a1f78631063b08549e213e7abbac5e961588d10ea
ssdeep 12288:rZtTWupXNT35AcFqTC9mtjE+Yfz3OlZUW+7xsvceR0KtjYxQFmLv:thZpXJ3SGqTC9gYBr3qZlCxarjpFmLv
authentihash  068be4c743e26d6a5b53d9941e1f8d5ec145f747ab7e36331b7df61ede800355
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The file size is 934.5 KB (956928 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly
